Skip to content

Basic HyWorks Configuration

The Basic HyWorks configuration is for organizations with a Single Organizational structure in which logical separation of resources is not required. It also includes configuring the authentication mode.

If a logical separation of resources is required, refer to the configuration steps mentioned in the Multi-Organization Deployment section.

HyWorks Deployment in a Single Organization

While this flowchart depicts the entire configuration, this section only describes the steps of the basic configuration.

Step 1: Install the HyWorks Controller service and Management Console

HyWorks Controller supports two types of deployments:

  1. Standalone (HyWorks without High Availability): The HyWorks Controller must be installed with the SQL Servers. Refer to the HyWork Controller Installation section for details.

  2. Cluster: HyWorks Controllers must be installed with the SQL Server with additional prerequisites. Refer to the HyWorks Controller Installation For Cluster section for details.

Use the Installation Wizard to install the HyWorks Controller and Management console. For the entire installation process, refer to the HyWorks Installation section.

Step 2: Add the Authentication Server and the Authentication Domain configuration

Once the installation is complete, the next step is to add the authentication server and configure the authentication domain to specify the authorization and authentication servers.

HyWorks supports the following authentication servers:

  1. Microsoft Active Directory
  2. Novell Directory/Open LDAP
  3. Built-in (available by default)

Configure Authentication Server:

  1. Go to Settings > Configure > Authentication and click Add.

  2. In the Authentication Server window, select the Server Type, for example, Microsoft Active Directory, Novell Directory/Open LDAP, and specify the following information:

    1. Enter the display name for the authentication server. This uniquely identifies the server.

    2. Provide the server address, for example, 192.168.1.1 or Accops.com.

    3. Provide an appropriate Domain name, which could be the NetBIOS Name for the domain (this domain name information will be used for signing into the remote sessions).

    4. The Port Number to be used to communicate with the authentication server (default is 389).

    5. Enable SSL: Check this checkbox to see if the configured Active Directory supports secure communication (the default port for SSL communication is 636).

    6. Provide the Base DN information (mandatory for LDAP-type authentication servers and Active Directory configurations when the Active Directory options value under System > Advance Config is set to six (6), which uses the LDAP search method to communicate with AD).

      1. All the users, groups, and OUs will be fetched if the Base DN information is not provided.

      2. Users, groups, or OUs will be fetched accordingly when providing the specific Base DN information.

    7. The User DN (mandatory for LDAP-type authentication servers and for Active Directory configurations when the Active Directory options value under System > Advance Config is set as six (6), which uses the LDAP search method to communicate with AD ) is the user who will communicate with the Active Directory server. The user should have privileges to fetch the user, group, and OU information under the specified base DN.

    8. Username: The user’s username from authentication will be used to communicate with the Active Directory server; the user should have privileges to fetch user, group, and OU information. This field is only available for Active Directory-type authentication server configuration.

    9. A valid Password for the user is configured in steps 7 and 8 above.

    10. Select an appropriate Login Attribute: User ID, User Principal Name, Mail ID, or Phone number. The selected attribute will be used to authenticate the user when logging in.

      1. User ID: Map the username the user enters with the User ID field of HyWorks.
      2. User Principal Name: Map the username entered by the user with the User Principal Name field of HyWorks. HyWorks will form the User Principal Name using the following methods:

    11. User logs in using only the username without a domain name: HyWorks will generate the UPN using the domain name configured in the authentication server configuration. For example, the user logs in using john.test - john.test@domain.com.

    12. User logs in using the domain name\username: HyWorks will generate the UPN using the domain name and the username provided by the user. For example, the user logs in using the domain.com\john.test - john.test@domain.com.

    13. User logs in using the full UPN in format username@domain-name: HyWorks will use the credentials as provided. For example, the user logs in using - john.test@domain.com - john.test@domain.com.

      1. Mail Id: Map the username the user enters with the Mail Id field of HyWorks.
    14. Phone Number: Map the username the user enters with the Phone Number field of HyWorks.

Note

  • The default login attribute for configuring the Active Directory is SAMAccountName, and for LDAP, is CN.

  • These attributes (SAMAccountName with AD and CN with LDAP server) are most commonly the user login attributes.

  1. Log Attributes in Login: This field is optional. Specify the AD attributes that will be logged in logs and each user login event. This field can generate additional information in the log file to generate a customer report.

  2. Skip Login Attribute Verification: By default, this is enabled, but when unchecked, all four underlying attributes will be checked on the AD, whether present or not, when configuring the AD. If checked and it is found that any attribute is missing in the AD, then an error will be reported during user login. For example, if the "Phone Number" attribute is specified as the "telephoneNumber" AD attribute and this attribute does not exist in the AD, an error will be reported during login.

  3. Add secondary authentication server: This option is unchecked by default. Select and provide details of the secondary authentication server for Active Directory failover conditions. The provided secondary authentication server must sync with the primary Active Directory server.

  4. Click Test Connection.

  5. If the connection is established successfully, click Add.

This completes the Authentication Server configuration. For detailed information, refer to the Authentication Server Configuration Section in the Admin Guide.

Configure Authentication Domain:

  • The authentication domain defines the server to be used for authentication and the server to be used for authorization (entitlements).
  • Authentication and authorization servers can be the same or different, based on the requirement.
  • The Domain name is to be used for connections, etc.

To configure the Authentication domain, follow the steps given below:

  1. Go to Settings > Configure > Organizations.

  2. Select the default or child organization and click Edit.

  3. In the Edit Organization wizard, go to the Authentication Domain section and specify:

    1. Authentication Server: This server will authenticate the user on login.

    2. Authorization Server: All assignments and entitlements will be done from this server.

    3. The Domain Name will be fetched from:

      • Authentication Server
      • Authorization Server
      • Custom Domain

    4. If you are using the Built-in Authorization server, provide the following information:

      • User creation on RDS: Choose Manual synchronization to synchronize manually, set it to Automatically on logon, or Do not create.

      • User credentials for RDS: Select the Built-in directory credential if you want to connect to HyWorks using the built-in credentials. If you do not select this option, the connection will be made using the logged-in user’s credentials (user-provided credentials).

      • Populate users into the built-in directory: Define how users will be populated in the Built-in directory.

        • Create Users in the Built-in Directory: If you choose this option, the Administrator must add users manually or import them from CSV files.
        • Import Users from the Authentication Server: If you choose this option, you can import users from other authentication servers into the Built-in directory.

        Note

        If the authentication and authorization servers use different search attributes, logon failure or authorization issues can result.

  4. Go to the Desktop Client Settings and click Save.

This completes the configuration of the Authentication domain.

The subsequent steps will depend on the kind of session delivery mechanism.

Resource configurations in Shared VDI

HyWorks supports the delivery of applications and Shared Hosted Desktops from the following platforms:

  • Windows

  • Windows Server 2025

  • Windows Server 2022

  • Windows Server 2019 (Essential - not supported)

  • Windows Server 2016

  • Windows Server 2012 R2

  • Windows Server 2008 R2-SP1

  • Windows Server 2003 (limited features supported)

  • Windows 11/10 Multi-session (Only with AVD)

Note

Sometimes, multiple connections to Windows Server 2022 or the latest Windows 2019 do not work. This can be resolved using the steps provided in the article HyWorks — 3.4 Webhelp > Knowledge Base Articles Resolve Unable to Connect Multiple Users on Windows 2022.

  • Linux SHD Server

Note

  • The platforms listed are supported only with the v3.4-SP2 Linux packages.
  • The v3.6 Linux Dependency Packages and DVM Tools are currently under General Availability (GA) release preparation. The list of supported platforms will be updated accordingly once the release is finalized.

  • Xubuntu 24.04.0/1 (Legacy Kernel)

  • Xubuntu 22.04.0/1 (Legacy Kernel)

  • Xubuntu 20.04.0/1 (Legacy Kernel)

  • Xubuntu 18.04.0/1 (Legacy Kernel)

  • Xubuntu 16.04.0/1 (Legacy Kernel)

Important

  • HyWorks only supports operating system versions with point 0/1 that use a non-HWE (Hardware Enablement) kernel. Versions with an HWE kernel are not supported.
  • Ensure that you install only versions with point 0/1. Installing any other version may lead to package or tool installation issues, resulting in failure to deliver applications or desktop environments.

Add Session Providers

  1. Go to VDI > Session Servers > Servers and click Add.

  2. In the Add Session Provider wizard,

    1. Select the Type as Microsoft RDS Server or Linux RDS Server.

    2. Provide an appropriate Name for the session provider, enter the IP address or The hostname of the RDS server in the Host Address field.

    Note

    The Windows Remote Desktop Session Host role must be installed with the Accops HyWorks Session Host Server module.

  3. Enter the RDP Port number to connect with the client.

  4. Select the Session Team. Session Teams are created to balance the load among the session host servers. By default, two session teams—one for Windows configuration and one for Linux configuration—are created and cannot be deleted. Linux SHD Servers and Windows SHD Servers should be created in the Linux and Windows Session teams, respectively.

    1. The Weight field can be enabled as per the session team selection. This field represents the server's respective weight and should be set according to its capabilities compared to other servers in the team.

  5. Set the Max Session count to restrict the maximum number of sessions to be given from this Session Host Server. Set Zero for unlimited sessions.

  6. Select the Active to enable the Session Host Server for session delivery. Inactive Session Host Servers are not used to give sessions.

  7. Set the Advance Configuration as per the requirement.

    • Enable Diagnostics
    • Enable Remote Control
    • Enable Virtual-IP

  8. Select the Assign Applications to display options to associate already published applications in HyWorks with the Session Host Servers. Ignore if the Session Host Server is added for Shared Hosted Desktop delivery only or if applications have to be published later.

  9. Click Add.

The Session Host Server should now be configured and should be ready for the Shared Hosted Desktop or application deliveries.